The Boston Patent Law Association’s Computer Law Committee is hosting the webinar “U.S. and EU Data Privacy Compliance in the Healthcare Space” Wednesday, June 29 at 12 p.m. EST. Greenberg Traurig Shareholder Gretchen A. Ramos, co-chair of the firm’s Global Data, Privacy & Cybersecurity Practice, will be a panelist on the webinar,

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of

Modern state privacy laws have attempted to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. The specific thresholds used, however, differ between states. The following provides a comparison of the thresholds that each statute creates for organizations that are subject to regulatory compliance obligations:

The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys.  Most American dictionaries do not recognize either term.[1] While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

The term “sale” is defined slightly differently between and among modern U.S. data privacy statutes with some statutes defining the term as including exchanges of personal information in return for valuable consideration, and others defining the terms as including only exchanges of personal information in return for monetary consideration. As the following chart indicates, state

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.

Visual

Summary

  • Cross border transfers in the United States don’t need a SCC. Company A is not required under U.S. law or the GDPR to

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.

Visual Summary
Overview of situation.  Company A in the EEA retains Company Z-1 in the US to process personal data.  Company Z-1 intends to

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.

Visual Summary
  • 1st Transfer: SCC Module 2. Initial cross-border transfer from EEA to Country Q utilizes the SCC Module 2 designed for transfers from

Gretchen A. Ramos is quoted in a Cybersecurity Law Report article titled “Navigating Post-Schrems II International Data Transfer Waters: Challenges and TIAs.” The article discusses the challenges companies may face as they complete transfer impact assessments (TIAs) and update their standard contractual clauses (SCCs).

Click here to read the full article. (subscription required)